# ACL
## Get ACL types
`GET` `https://api.appmixer.com/acl-types`
There are two types of access control lists, for components and for API routes. Restricted to **admin** users only.
{% tabs %}
{% tab title="200 Currently there are ACL rules for components and routes. In the future, other types might be added." %}
```javascript
[
"routes",
"components"
]
```
{% endtab %}
{% endtabs %}
## Get ACL rules for components|routes
`GET` `https://api.appmixer.com/acl/:type`
Get list of all the ACL rules for given type. Restricted to **admin** users only.
#### Path Parameters
| Name | Type | Description |
| ---- | ------ | -------------------- |
| type | string | components \| routes |
{% tabs %}
{% tab title="200 This is default list of ACL rules for components. All users can access all components." %}
```
[
{
"role": "admin",
"resource": "*",
"action": [
"*"
],
"attributes": [
"non-private"
]
},
{
"role": "user",
"resource": "*",
"action": [
"*"
],
"attributes": [
"non-private"
]
},
{
"role": "tester",
"resource": "*",
"action": [
"*"
],
"attributes": [
"non-private"
]
}
]
```
{% endtab %}
{% endtabs %}
## Update ACL rules
`POST` `https://api.appmixer.com/acl/:type`
Update ACL rule set for given type. Restricted to **admin** users only.
#### Path Parameters
| Name | Type | Description |
| ---- | ------ | -------------------- |
| type | string | components \| routes |
#### Request Body
| Name | Type | Description | | | | | | |
| ---- | ----- | ---------------------------------------------------------------------------------------------------------------------- | ---- | ------------------------------------------ | ---------------------------------------------------------- | ------------------------------------------------- | ----------- | ------------ |
| | array | Body has to be an array of ACL rules, where each rule has the following structure:
{
role: string - admin | user | tester ...
resource: string - flows | appmixer.utils.\* ...
action: array of strings - \* | read ...
attributes: array of strings - \* | non-private | ...
}
|
{% tabs %}
{% tab title="200 " %}
```
```
{% endtab %}
{% endtabs %}
## Get available resource values
`GET` `https://api.appmixer.com/acl/:type/resources`
Get available values for **resource** property for an ACL rule. This is used for building UI in Backoffice for setting ACL rules. Restricted to **admin** users only.
#### Path Parameters
| Name | Type | Description |
| ---- | ------ | -------------------- |
| type | string | components \| routes |
{% tabs %}
{% tab title="200 Available options for routes type. In case of components it returns pattern that a resource has to match." %}
```
['*', 'flows']
```
{% endtab %}
{% endtabs %}
## Get available action values
`GET` `https://api.appmixer.com/acl/:type/actions`
Get available values for **action** property for an ACL rule. This is used for building UI in Backoffice for setting ACL rules. Restricted to **admin** users only.
#### Path Parameters
| Name | Type | Description |
| ---- | ------ | -------------------- |
| type | string | components \| routes |
{% tabs %}
{% tab title="200 Available options for routes type." %}
```
['*', 'read', '!read', 'create', '!create', 'update', '!update', 'delete', '!delete']
```
{% endtab %}
{% endtabs %}
## Get available options for attributes property.
`GET` `https://api.appmixer.com/acl/:type/resource/:resource/attributes`
Get available values for **attributes** property for an ACL rules. This is used for building UI in Backoffice for setting ACL rules. Restricted to **admin** users only.
#### Path Parameters
| Name | Type | Description |
| -------- | ------ | ------------------------------------------------------ |
| type | string | components \| routes |
| resource | string | resource name - flows, appmixer.utils.controls.\*, ... |
{% tabs %}
{% tab title="200 " %}
```
```
{% endtab %}
{% endtabs %}